EUVD-2025-201776CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4Description
In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Analysis
Android contains a missing authentication vulnerability (CVE-2025-48572, CVSS 7.8) in multiple locations that allows background activity launches through a permissions bypass, enabling local privilege escalation without user interaction. KEV-listed, this vulnerability enables malicious apps to perform privileged operations silently in the background, bypassing Android's activity launch restrictions.
Technical Context
Android restricts background activity launches to prevent apps from hijacking the user's screen or performing operations without user awareness. This vulnerability bypasses these restrictions, allowing a malicious app to launch privileged activities from the background without user interaction. This can be used for overlay attacks, permission granting, or launching privileged system activities to escalate privileges.
Affected Products
['Android (affected versions per Google security bulletin)']
Remediation
Apply Android security update. Audit installed apps for suspicious behavior. Enterprise: enforce minimum patch levels via MDM.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today